Do You Have a Roadmap for EU GDPR Compliance?
• David Morris, Thought Leader and Pioneer in Cybersecurity, United States
• Ian West, Specialist in GDPR, Data Governance, Data Privacy & Security, United Kingdom
• Ulf Mattsson, CTO Security Solutions, Atlantic BT, United States, ulf.mattsson@atlanticbt.com
• Khizar A. Sheikh, Chair, Privacy, Cybersecurity, and Data Law, Mandelbaum Salsburg, United States
GDPR Case Studies
Webcast - Aug 17
Title : Do You Have a Roadmap for EU GDPR Compliance?
Description : The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union.
Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance?
Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West, and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webcast/14723/259741
GDPR Case Studies
Source: EU GDPR Report, Crowd Research Partners, 2017
1. US and Spain – customer data
2. Italy, Germany and more – financial data
3. Germany – outsourcing
4. Sweden – PII data
US Companies Ramping up GDPR Budgets
PWC GDPR Survey
Source: PWC GDPR Survey, 2017
PwC recently conducted a pulse survey of 200 CIOs, CISOs, General Counsels, CCOs, CPOs and CMOs from US companies with more than 500 employees. The survey asked the c-suite about their plans for Europe’s landmark General Data Protection Regulation (GDPR). The “pulse” revealed five surprising results.
Over half of US multinationals say GDPR is their top data-protection priority
Source: PWC GDPR Survey, 2017
The EU reached agreement on the GDPR in December 2015, and in the last twelve months preparing for the new law’s obligations has jumped to the top of corporate agendas.
Of the 200 respondents to PwC’s recent pulse survey on GDPR preparedness, 54% reported that GDPR readiness is the highest priority on their data-privacy and security agenda.
Another 38% said GDPR is one of several top priorities, while only 7% said it isn’t a top priority.
Information security enhancement is a top GDPR initiative
Source: PWC GDPR Survey, 2017
Much of the discussion about the GDPR has focused on the law’s privacy-centric requirements, such as mandatory record keeping, the right to be forgotten and data portability.
The GDPR’s relatively generic information-security obligations, however, figure prominently in GDPR plans of US companies.
• Among the 23% of survey respondents who haven’t started preparing for GDPR, their top priorities are data discovery, information security enhancement, third-party risk management and GDPR gap assessment.
• Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
• Among the 6% who have completed GDPR preparations, the most-cited projects are information security, GDPR gap assessment, data discovery, and third-party risk management.
• IT re-architecture is the lowest priority for companies in all three phases.
77% plan to spend $1 million or more on GDPR
Source: PWC GDPR Survey, 2017
Securing a $1 million budget for data privacy has been more an exception than a rule for many American corporations.
The GDPR’s potential 4% fine of global revenues, however, has changed budget appetites for mitigating this GDPR risk.
While 24% of respondents plan to spend under $1 million for GDPR preparations, 68% said they will invest between $1 million and $10 million.
Nine percent (9%) expect to spend over $10 million to address GDPR obligations.
Binding corporate rules are gaining popularity
Source: PWC GDPR Survey, 2017
The pulse survey asked executives which EU cross-border data-transfer mechanism they planned to use for processing EU personal data outside of Europe.
After the invalidation of the Safe Harbor agreement in October 2015, most Safe Harbor members implemented so-called model contractual clauses as a stop-gap measure.
Many observers, especially those in the legal community, thought model clauses would become the new norm.
While 58% of respondents reported that future strategies would include model contracts, a stunning 75% said they will pursue binding corporate rules (BCRs), while 77% plan to self-certify to the EU-US Privacy Shield agreement.
The uncertain future of both model contracts and the Privacy Shield may drive US multinationals to adopt two or even all three of these options to hedge their risks.
How US businesses are re-evaluating their presence in Europe
Source: PWC GDPR Survey, 2017
US corporations that are heavily invested in Europe will probably stay the course in the near term.
Indeed, 64% of executives reported that their top strategy for reducing GDPR exposure is centralization of data centers in Europe.
Just over half (54%) said they plan to de-identify European personal data to reduce exposure.
The threats of high fines and impactful injunctions, however, clearly have many others reconsidering the importance of the European market.
In fact, 32% of respondents plan to reduce their presence in Europe, while 26% intend to exit the EU market altogether.
Outlook: Striving to keep pace with the GDPR
Source: PWC GDPR Survey, 2017
American multinationals that have not taken significant steps to prepare for GDPR are already behind their peers. The typical large US corporation is currently moving through a data-discovery and assessment phase toward a multi-million-dollar remediation initiative that includes shoring up standard data-privacy and security capabilities in US operations. As European regulators in 2017 further clarify how they interpret the GDPR, more American companies are likely to re-evaluate the return-on-investment of their European initiatives.
GDPR WW Impact
GDPR Key Findings
Source: EU GDPR Report, Crowd Research Partners, 2017
Familiarity with GDPR
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Impact
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Impact by Industry
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Compliance by Region
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Compliance by Industry
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Preparedness
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Organizational Ownership
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR - Challenges
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Initiatives
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Chapters of Concern
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Articles of Concern
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Impact on Security Practices
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Impact on Security Budgets
Source: EU GDPR Report, Crowd Research Partners, 2017
GDPR Challenges
GDPR Study - Demographics
Source: Ponemon Institute, 2017
GDPR – Our Sample
Source: Ponemon Institute, 2017
GDPR Most Difficult
Source: Ponemon Institute, 2017
GDPR PII Definition is more expansive
Source: Ponemon Institute, 2017
GDPR – Compliance to Breach Process
Source: Ponemon Institute, 2017
GDPR – Plan to meet GRC Requirements
Source: Ponemon Institute, 2017
GDPR IT Sec Budget
Source: Ponemon Institute, 2017
GDPR Data Governance Budgets
Source: Ponemon Institute, 2017
GDPR – Data Protection Officers
Source: Ponemon Institute, 2017
GDPR Governance In-place
Source: Ponemon Institute, 2017
GDPR – Rights to EU Citizens?
Source: Ponemon Institute, 2017
GDPR – Do you know Which Data has Gone to 3rd parties?
Source: Ponemon Institute, 2017
GDPR compared to PCI, HIPAA and more
Source: Ponemon Institute, 2017
Preparing for GDPR
Preparing for GDPR
Preparing for GDPR: People
Source: IBM, 2017
Preparing for GDPR: Process
Source: IBM, 2017
Preparing for GDPR: Technology
Source: IBM, 2017
Preparing for GDPR Moving Forward
Source: IBM, 2017
Steps for Securing Data to Comply with the GDPR
Does GDPR Apply?
Source: Imperva, 2017
Checklist for GDPR
Source: Imperva, 2017
Checklist for GDPR
Source: Imperva, 2017
GDPR Rules Requires Data Protection Technology
Source: Imperva, 2017
GDPR Prep Now or Pay the Price
Source: Imperva, 2017
GDPR – Plan to go The Distance
Source: Imperva, 2017
GDPR Already a Reality
GDPR Already a Reality
Source: Cordery Legal Compliance, UK, 2017
GDPR – Your Plan
Source: Cordery Legal Compliance, UK, 2017
GDPR – Your Plan
Source: Cordery Legal Compliance, UK, 2017
GDPR 12 Steps to take now (ICO UK)
Preparing for GDPR
Source: ICO – Information Commissioner’s Office, UK, 2017
GDPR Key Problems and Some Solutions
The Currency of Trust: The “Why” of GDPR
Source: Exate, 2017
What will GDPR cost?
Source: Exate, 2017
The Challenges …
Source: Exate, 2017
The Problem
Source: Exate, 2017
What If …
Source: Exate, 2017